01/04: publish: Do not publish nars for invalid store items.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/04: publish: Do not publish nars for invalid store items.

From:	Ludovic Court�s
Subject:	01/04: publish: Do not publish nars for invalid store items.
Date:	Thu, 25 Feb 2016 11:48:43 +0000

civodul pushed a commit to branch master
in repository guix.

commit 0043558082d619d0dc51ef27acda8ebb299c2f2c
Author: Ludovic Courtès <address@hidden>
Date:   Thu Feb 25 11:48:17 2016 +0100

    publish: Do not publish nars for invalid store items.
    
    Before that, /nar requests could succeed if the requested store item
    exists but is invalid (although such requests were unlikely because the
    corresponding narinfo request would have failed.)
    
    * guix/scripts/publish.scm (render-nar): Add 'store' parameter.  Use
    'valid-path?' instead of 'file-exists?'.
    (make-request-handler): Adjust 'render-nar' call accordingly.
    * tests/publish.scm ("/nar/invalid"): New test.
---
 guix/scripts/publish.scm |    6 +++---
 tests/publish.scm        |    8 ++++++++
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm
index 3d19738..5306afc 100644
--- a/guix/scripts/publish.scm
+++ b/guix/scripts/publish.scm
@@ -208,13 +208,13 @@ References: ~a~%"
                      (narinfo-string store store-path (force %private-key))
                      <>)))))
 
-(define (render-nar request store-item)
+(define (render-nar store request store-item)
   "Render archive of the store path corresponding to STORE-ITEM."
   (let ((store-path (string-append %store-directory "/" store-item)))
     ;; The ISO-8859-1 charset *must* be used otherwise HTTP clients will
     ;; interpret the byte stream as UTF-8 and arbitrarily change invalid byte
     ;; sequences.
-    (if (file-exists? store-path)
+    (if (valid-path? store store-path)
         (values '((content-type . (application/x-nix-archive
                                    (charset . "ISO-8859-1"))))
                 ;; XXX: We're not returning the actual contents, deferring
@@ -314,7 +314,7 @@ blocking."
            (render-narinfo store request hash))
           ;; /nar/<store-item>
           (("nar" store-item)
-           (render-nar request store-item))
+           (render-nar store request store-item))
           (_ (not-found request)))
         (not-found request))))
 
diff --git a/tests/publish.scm b/tests/publish.scm
index 0b92390..6c710fe 100644
--- a/tests/publish.scm
+++ b/tests/publish.scm
@@ -112,6 +112,14 @@ References: ~a~%"
        (call-with-input-string nar (cut restore-file <> temp)))
      (call-with-input-file temp read-string))))
 
+(test-equal "/nar/invalid"
+  404
+  (begin
+    (call-with-output-file (string-append (%store-prefix) "/invalid")
+      (lambda (port)
+        (display "This file is not a valid store item." port)))
+    (response-code (http-get (publish-uri (string-append "/nar/invalid"))))))
+
 (test-end "publish")

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (a65e2a0 -> 736f9ff), Ludovic Court�s, 2016/02/25
- 03/04: guix system: Restore load path after running the activation script., Ludovic Court�s, 2016/02/25
- 02/04: store: Clarify documentation of 'valid-path?'., Ludovic Court�s, 2016/02/25
- 01/04: publish: Do not publish nars for invalid store items., Ludovic Court�s <=
- 04/04: gnu: Add missing import in bioinformatics.scm., Ludovic Court�s, 2016/02/25

Prev by Date: 02/04: store: Clarify documentation of 'valid-path?'.
Next by Date: 04/04: gnu: Add missing import in bioinformatics.scm.
Previous by thread: 02/04: store: Clarify documentation of 'valid-path?'.
Next by thread: 04/04: gnu: Add missing import in bioinformatics.scm.
Index(es):
- Date
- Thread